Add files from 2.16.000 MCUXpresso SDK release

Merge in MCUCORE/mcuboot from release/2.16.000_major_rfp_gh_review to release/2.16.000_major_rfp_gh

ChangeLogKSDK.txt

@@ -0,0 +1,9 @@
+/**
+@page middleware_log Middleware Change Log
+@section mcuboot_opensource MCUBoot for MCUXpresso SDK
+  Current version is MCUBoot 2.0.0.
+
+  - 2.0.0
+    - Changed %zx to %x in printf's to make it compatible with internal formatting function
+    - Used original version of hmac.c in TinyCrypt to make it compatible with IAR
+*/

README.md

@@ -4,6 +4,7 @@
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/12307/badge.svg)][coverity]
 [![Build Status (Sim)](https://github.com/mcu-tools/mcuboot/workflows/Sim/badge.svg)][sim]
 [![Build Status (Mynewt)](https://github.com/mcu-tools/mcuboot/workflows/Mynewt/badge.svg)][mynewt]
+[![Build Status (Espressif)](https://github.com/mcu-tools/mcuboot/workflows/Espressif/badge.svg)][espressif]
 [![Publishing Status (imgtool)](https://github.com/mcu-tools/mcuboot/workflows/imgtool/badge.svg)][imgtool]
 [![Build Status (Travis CI)](https://img.shields.io/travis/mcu-tools/mcuboot/main.svg?label=travis-ci)][travis]
 [![Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)][license]
@@ -12,11 +13,12 @@
 [coverity]: https://scan.coverity.com/projects/mcuboot
 [sim]: https://github.com/mcu-tools/mcuboot/actions?query=workflow:Sim
 [mynewt]: https://github.com/mcu-tools/mcuboot/actions?query=workflow:Mynewt
+[espressif]: https://github.com/mcu-tools/mcuboot/actions?query=workflow:Espressif
 [imgtool]: https://github.com/mcu-tools/mcuboot/actions?query=workflow:imgtool
 [travis]: https://travis-ci.org/mcu-tools/mcuboot
 [license]: https://github.com/mcu-tools/mcuboot/blob/main/LICENSE
 
-This is MCUboot version 1.10.0
+This is MCUboot version 2.0.0
 
 MCUboot is a secure bootloader for 32-bits microcontrollers. It defines a
 common infrastructure for the bootloader and the system flash layout on

SW-Content-Register.txt

@@ -1,7 +1,7 @@
 Release Name: MCUBoot
-Release Version: 1.9.0
+Release Version: 2.0.0
 Outgoing License: Apache License Version 2.0, January 2004
 License File: LICENSE
 Format: Source
 Description: MCUboot is a secure bootloader for 32-bits microcontrollers.
-Origin: https://github.com/mcu-tools/mcuboot
+Origin: https://github.com/mcu-tools/mcuboot

boot/bootutil/include/bootutil/boot_hooks.h

@@ -34,8 +34,6 @@
 #ifndef H_BOOTUTIL_HOOKS
 #define H_BOOTUTIL_HOOKS
 
-#include "bootutil/bootutil.h"
-
 #ifdef MCUBOOT_IMAGE_ACCESS_HOOKS
 
 #define BOOT_HOOK_CALL(f, ret_default, ...) f(__VA_ARGS__)
@@ -159,22 +157,6 @@ int boot_serial_uploaded_hook(int img_index, const struct flash_area *area,
 int boot_img_install_stat_hook(int image_index, int slot,
                                int *img_install_stat);
 
-/** Hook for implement the alternate way to choose active slot than by examining
- *  the slots with highest version in direct-xip mode.
- *
- * By default the active slot is chosen by the highest version number. This way 
- * the user can adjust the execution flow for example provide mechanics to 
- * support downgrade option etc.
- *
- * @param state Boot loader status information.
- * @param candidate_slot Pointer to store found candidate slot
- *
- * @retval 0: found candidate slot, skip finding slot by version
- *         BOOT_HOOK_REGULAR: follow the normal execution path, value of 
- *         candidate_slot is unchanged
- */
-int boot_find_active_slot_hook(struct boot_loader_state *state, uint32_t *candidate_slot);
-
 /** Hook will be invoked when boot_serial requests device reset.
  *  The hook may be used to prevent device reset.
  *

boot/bootutil/include/bootutil/boot_record.h

@@ -25,6 +25,16 @@
 extern "C" {
 #endif
 
+/** Error codes for using the shared memory area. */
+enum shared_memory_status {
+    SHARED_MEMORY_OK           = 0,
+    SHARED_MEMORY_OVERFLOW,
+    SHARED_MEMORY_OVERWRITE,
+    SHARED_MEMORY_GEN_ERROR,
+    SHARED_MEMORY_WRITE_ERROR,
+    SHARED_MEMORY_READ_ERROR,
+};
+
 /**
  * @brief Add a data item to the shared data area between bootloader and
  *        runtime SW
@@ -59,13 +69,17 @@ int boot_save_boot_status(uint8_t sw_module,
  * Add application specific data to the shared memory area between the
  * bootloader and runtime SW.
  *
- * @param[in]  hdr        Pointer to the image header stored in RAM.
- * @param[in]  fap        Pointer to the flash area where image is stored.
+ * @param[in]  hdr           Pointer to the image header stored in RAM.
+ * @param[in]  fap           Pointer to the flash area where image is stored.
+ * @param[in]  slot          The currently active slot being booted.
+ * @param[in]  max_app_size  The maximum size of an image that can be loaded.
  *
- * @return                0 on success; nonzero on failure.
+ * @return                    0 on success; nonzero on failure.
  */
 int boot_save_shared_data(const struct image_header *hdr,
-                          const struct flash_area *fap);
+                          const struct flash_area *fap,
+                          const uint8_t active_slot,
+                          const int max_app_size);
 
 #ifdef __cplusplus
 }

boot/bootutil/include/bootutil/boot_status.h

@@ -85,6 +85,7 @@ extern "C" {
  * consumer of shared data in runtime SW.
  */
 #define TLV_MAJOR_IAS      0x1
+#define TLV_MAJOR_BLINFO   0x2
 
 /* Initial attestation: Claim per SW components / SW modules */
 /* Bits: 0-2 */
@@ -106,6 +107,37 @@ extern "C" {
 #define SET_IAS_MINOR(sw_module, claim) \
         (((uint16_t)(sw_module) << MODULE_POS) | (claim))
 
+/* Bootloader information */
+#define BLINFO_MODE                 0x00
+#define BLINFO_SIGNATURE_TYPE       0x01
+#define BLINFO_RECOVERY             0x02
+#define BLINFO_RUNNING_SLOT         0x03
+#define BLINFO_BOOTLOADER_VERSION   0x04
+#define BLINFO_MAX_APPLICATION_SIZE 0x05
+
+enum mcuboot_mode {
+    MCUBOOT_MODE_SINGLE_SLOT,
+    MCUBOOT_MODE_SWAP_USING_SCRATCH,
+    MCUBOOT_MODE_UPGRADE_ONLY,
+    MCUBOOT_MODE_SWAP_USING_MOVE,
+    MCUBOOT_MODE_DIRECT_XIP,
+    MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT,
+    MCUBOOT_MODE_RAM_LOAD
+};
+
+enum mcuboot_signature_type {
+    MCUBOOT_SIGNATURE_TYPE_NONE,
+    MCUBOOT_SIGNATURE_TYPE_RSA,
+    MCUBOOT_SIGNATURE_TYPE_ECDSA_P256,
+    MCUBOOT_SIGNATURE_TYPE_ED25519
+};
+
+enum mcuboot_recovery_mode {
+    MCUBOOT_RECOVERY_MODE_NONE,
+    MCUBOOT_RECOVERY_MODE_SERIAL_RECOVERY,
+    MCUBOOT_RECOVERY_MODE_DFU,
+};
+
 /**
  * Shared data TLV header.  All fields in little endian.
  *

boot/bootutil/include/bootutil/bootutil_public.h

@@ -39,9 +39,11 @@
 #define H_BOOTUTIL_PUBLIC
 
 #include <inttypes.h>
+#include <stdbool.h>
 #include <string.h>
 #include <flash_map_backend/flash_map_backend.h>
 #include <mcuboot_config/mcuboot_config.h>
+#include <bootutil/image.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -83,8 +85,10 @@ extern "C" {
 
 #ifdef MCUBOOT_BOOT_MAX_ALIGN
 
+#if defined(MCUBOOT_SWAP_USING_MOVE) || defined(MCUBOOT_SWAP_USING_SCRATCH)
 _Static_assert(MCUBOOT_BOOT_MAX_ALIGN >= 8 && MCUBOOT_BOOT_MAX_ALIGN <= 32,
-               "Unsupported value for MCUBOOT_BOOT_MAX_ALIGN");
+               "Unsupported value for MCUBOOT_BOOT_MAX_ALIGN for SWAP upgrade modes");
+#endif
 
 #define BOOT_MAX_ALIGN          MCUBOOT_BOOT_MAX_ALIGN
 #define BOOT_MAGIC_ALIGN_SIZE   ALIGN_UP(BOOT_MAGIC_SZ, BOOT_MAX_ALIGN)
@@ -266,6 +270,45 @@ int
 boot_read_swap_state(const struct flash_area *fa,
                      struct boot_swap_state *state);
 
+/**
+ * @brief Set next image application slot by flash area pointer
+ *
+ * @param fa pointer to flash_area representing image to set for next boot;
+ * @param active should be true if @fa points to currently running image
+ *        slot, false otherwise;
+ * @param confirm confirms image; when @p active is true, this is considered
+ *        true, regardless of passed value.
+ *
+ * It is users responsibility to identify whether @p fa provided as parameter
+ * is currently running/active image and provide proper value to @p active.
+ * Failing to do so may render device non-upgradeable.
+ *
+ * Note that in multi-image setup running/active application is the one
+ * that is currently being executed by any MCU core, from the pair of
+ * slots dedicated to that MCU core. As confirming application currently
+ * running on a given slot should be, preferably, done after functional
+ * tests prove application to function correctly, it may not be a good idea
+ * to cross-confirm running images.
+ * An application should only confirm slots designated to MCU core it is
+ * running on.
+ *
+ * @return 0 on success; non-zero error code on failure.
+ */
+int
+boot_set_next(const struct flash_area *fa, bool active, bool confirm);
+
+/**
+ * Attempts to load image header from flash; verifies flash header fields.
+ *
+ * @param[in]   fa_p    flash area pointer
+ * @param[out]  hdr     buffer for image header
+ *
+ * @return              0 on success, error code otherwise
+ */
+int
+boot_image_load_header(const struct flash_area *fa_p,
+                       struct image_header *hdr);
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/caps.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2017 Linaro Limited
- * Copyright (c) 2021 Arm Limited
+ * Copyright (c) 2021-2023 Arm Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ extern "C" {
 uint32_t bootutil_get_caps(void);
 
 #define BOOTUTIL_CAP_RSA2048                (1<<0)
-#define BOOTUTIL_CAP_ECDSA_P224             (1<<1)
+                                /* reserved (1<<1) */
 #define BOOTUTIL_CAP_ECDSA_P256             (1<<2)
 #define BOOTUTIL_CAP_SWAP_USING_SCRATCH     (1<<3)
 #define BOOTUTIL_CAP_OVERWRITE_UPGRADE      (1<<4)
@@ -51,6 +51,8 @@ uint32_t bootutil_get_caps(void);
 #define BOOTUTIL_CAP_AES256                 (1<<15)
 #define BOOTUTIL_CAP_RAM_LOAD               (1<<16)
 #define BOOTUTIL_CAP_DIRECT_XIP             (1<<17)
+#define BOOTUTIL_CAP_HW_ROLLBACK_PROT       (1<<18)
+#define BOOTUTIL_CAP_ECDSA_P384             (1<<19)
 
 /*
  * Query the number of images this bootloader is configured for.  This

boot/bootutil/include/bootutil/crypto/common.h

@@ -1,19 +1,20 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2021 Arm Limited
- */
-
-#ifndef __BOOTUTIL_CRYPTO_COMMON_H__
-#define __BOOTUTIL_CRYPTO_COMMON_H__
-
-/* TODO May need to update this in a future 3.x version of Mbed TLS.
- * Extract a member of the mbedtls context structure.
- */
-#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-#define MBEDTLS_CONTEXT_MEMBER(X) MBEDTLS_PRIVATE(X)
-#else
-#define MBEDTLS_CONTEXT_MEMBER(X) X
-#endif
-
-#endif /* __BOOTUTIL_CRYPTO_COMMON_H__ */
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2021 Arm Limited
+ */
+
+#ifndef __BOOTUTIL_CRYPTO_COMMON_H__
+#define __BOOTUTIL_CRYPTO_COMMON_H__
+
+/* The check below can be performed even for those cases
+ * where MCUBOOT_USE_MBED_TLS has not been defined
+ */
+#include "mbedtls/version.h"
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define MBEDTLS_CONTEXT_MEMBER(X) MBEDTLS_PRIVATE(X)
+#else
+#define MBEDTLS_CONTEXT_MEMBER(X) X
+#endif
+
+#endif /* __BOOTUTIL_CRYPTO_COMMON_H__ */